Method and apparatus for the secure storage of audio signals

ABSTRACT

A method and apparatus for recording audio so that the recording can be authenticated as to both content and time of recording is provided. The system may be implemented as a central server that is accessed via one or more telephone lines, or as a stand-alone unit. The system operates by encrypting audio information, storing the encrypted information, and providing users with a cryptographic key that can be used to decrypt the stored information. Preferably, time stamps are embedded in the stored information. Digital signatures may be used to provide additional security.

BACKGROUND OF THE INVENTION

[0001] This invention relates to a method and apparatus for recordingaudio information in an authenticatable, tamper-proof manner.

[0002] Traditionally, written documents have been used to providepermanent records of transactions and agreements. One example of thistype of document is a contract for the sale of an item, which typicallyidentifies the name of the parties, the date, the subject matter of thecontract, and a price. The contract provides a permanent record that canbe used at a later date to establish the terms of the agreement betweenthe parties.

[0003] Oral contracts, on the other hand, do not provide a permanentrecord of the terms of the agreement. As a result, if a dispute arisesover the terms of the agreement at a later date, it becomes difficult toprove exactly what the parties agreed to, or whether they made a bindingcontract at all. Because there is no permanent record, an unscrupulousparty could be untruthful about the agreed-upon terms to escape hisobligations. Even absent dishonesty, parties to an oral contract mayhave different recollections of exactly what they agreed to. Moreover,one of the persons who entered into the agreement may be permanently ortemporarily unavailable. These problems tend to worsen as time passes.

[0004] Because of these problems, all states have statutes declaringthat certain oral agreements are unenforceable, typically including thesale of land, and the sale of goods exceeding a certain value. If atrustworthy record of an oral agreement or transaction could beobtained, however, the problems of oral agreements could be overcome.

[0005] Existing methods of recording conversations, however, do notaddress these problems. For example, telephone answering machines, taperecorders, and handheld digital audio recording devices can be used torecord a voice or a conversation. It is, however, relatively easy todelete or to alter the recorded audio information. In particular,readily available electronic devices can splice sections out of an audioconversation, and can even rearrange words to make it appear that aparty said something that was never actually said. Moreover, there is noeffective way for parties to sign an audio recording. As a result, itmay be difficult to identify the parties that actually agreed to theterms contained in an audio conversation and intended to abide by suchterms. Further, there is no way known to applicants to verify that anoral negotiation matured into an agreement.

[0006] In addition, existing telephone answering machines and taperecorders do not provide a reliable indication of when the conversationoccurred. While some answering machines do record the time a call wasreceived, this “time stamp” is extremely unreliable because a partycould rerecord a new time over the time recorded by the answeringmachine. Alternatively, a party might either intentionally oraccidentally set the date on an answering machine incorrectly. Thiswould allow two corroborating parties to pretend that they made anagreement on a certain date, even though the agreement was not madeuntil a later date. As a result, telephone answering machines andordinary cassette recorders do not alleviate the problems of oralagreements described above.

[0007] STEN-TEL is an example of a system designed specifically forrecording telephonic audio information. STEN-TEL is available fromSten-tel Inc. (having a place of business at 66 Long Wharf, Boston,Mass. 02110). To use STEN-TEL, a person places a telephone call to theSTEN-TEL server, and the server digitally records the telephone call.After the digital recording is made, a transcriptionist accesses therecording and generates a typed record of the telephone call. The typedtranscription is then uploaded to the server, where it is stored.Permanent storage of the digitally recorded audio conversation isoptional. After the transcription is stored in the server, it can bedownloaded to the users. Every transcription is assigned a uniqueidentification number, and all status information is maintained in acentralized database.

[0008] The STEN-TEL system does not, however, overcome the drawbacks ofexisting telephone answering machines and audiocassette recorders.First, the ability to restrict access to files is limited ornon-existent. Apparently any person who has the file identifier canaccess the stored information. Second, the information is vulnerable totampering. Third, although STEN-TEL apparently stores the time of thecall, time stamps are not embedded into the stored information. Thismakes STEN-TEL vulnerable to modifications of the stored date for agiven conversation. Finally, digital signatures are not used to providesecurity and/or authenticate the parties.

[0009] One system that does incorporate certain security features isdescribed in U.S. Pat. No. 5,594,798 (Cox et al.), which describes avoice messaging system. In Cox's system, however, an encryption key isstored along with the encrypted message. Because a hacker could obtainaccess to the encrypted message by retrieving the encryption key, Cox'ssystem is vulnerable to attack. In addition, Cox's system is intendedfor use with secure telephone devices (STD). Ordinary telephones cannotcall into Cox's system to have an audio message recorded.

[0010] No existing audio recording system is known to applicants thatfacilitates the permanent recording of an audio conversation in anauthenticatable form so that a user can simply place a telephone call toa central server and have the server encrypt the conversation and recordthe time of the conversation, all in a tamper-proof manner.

SUMMARY OF THE INVENTION

[0011] This invention advantageously provides a user-accessible systemthat can record audio conversations in a secure manner, whereby both thecontent and the time of the conversation are authenticatable.

[0012] One aspect of the invention provides an apparatus and acorresponding process that includes a signal-receiving interface, anencryption processor for encrypting the received signals, and a storagedevice for storing the encrypted signals. A crypto-key generatorgenerates and transmits a crypto-key, and a message ID generatorgenerates and transmits a message ID. A database stores the message IDso that it is associated with the stored signals.

[0013] Another aspect of the invention provides an apparatus and acorresponding process that includes an audio signal receiving interfacefor receiving audio signals from two sources, an encryption processorfor encrypting the received audio signals, and a storage device forstoring the encrypted signals. A crypto-key generator generates andtransmits a crypto-key to two destinations, and a message ID generatorgenerates and transmits a message ID to the two destinations. A databasestores the message ID so that it is associated with the stored signals.

[0014] Another aspect of the invention provides an apparatus and acorresponding process that includes an interface for receiving audiosignals from two sources, an encryption processor for encrypting thereceived audio signals, and a storage device for storing the encryptedaudio signals. A crypto-key generator generates two crypto-keys andtransmits them to two destinations, respectively. A message ID generatorgenerates and transmits a message ID to the two destinations. A databasestores the message ID so that it is associated with the stored signals.

[0015] Another aspect of the invention provides an apparatus and acorresponding process that includes a number of audio signal receivinginterfaces, and an encryption processor for encrypting the audio signalsarriving from those interfaces. Encrypted audio signals, correspondingto a time during which a given one of the audio signal receivinginterfaces is active, are generated and stored. Crypto-keys and messageIDs are generated and distributed for each stored signal. A databasestores the message ID so that it is associated with the stored signals.

[0016] Another aspect of the invention provides a system and acorresponding process that establishes an audio connection with acalling party, receives an audio communication from the calling party,and encrypts the audio communication. The encrypted audio communicationis stored, and a code for decrypting the encrypted audio communicationis provided to the calling party.

[0017] Another aspect of the invention provides a system and acorresponding process that establishes an audio connection with at leasttwo parties, accesses an audio communication between the parties, andencrypts the audio communication. A key, which can be used to decryptthe encrypted audio recording, is generated. At least two access codesare also generated; any of which can be used to obtain access to theencrypted audio recording. The key is transmitted to all the parties,and one of the access codes is transmitted to each party so that eachparty receives a unique access code.

[0018] Another aspect of the invention provides a system and acorresponding process that includes means for establishing an audioconnection with the parties, means for accessing an audio communicationbetween the parties, and means for encrypting the audio communication.At least two keys are generated; any of which can be used to decrypt theencrypted audio recording. They are transmitted to the parties so thateach party receives a unique key.

[0019] Another aspect of the invention provides a process that includesthe steps of establishing an audio connection between at least twoparties and a remote recording device, and transmitting an audiocommunication between the parties. The process also includes the stepsof receiving from the recording device, for each of the parties, amessage ID, a cryptographic key, and one of a plurality of access codes.These items are required for future playback of the audio communicationrecorded by the remote recording device.

BRIEF DESCRIPTION OF THE DRAWINGS

[0020]FIG. 1A is a block diagram depicting the flow of information forrecording audio information from two parties in accordance with thisinvention.

[0021]FIG. 1B is a block diagram depicting the flow of information forplaying back previously recorded information from two parties inaccordance with this invention.

[0022]FIG. 1C is a block diagram depicting the flow of information formodifying or deleting previously recorded information from two partiesin accordance with this invention.

[0023]FIG. 1D is a block diagram depicting the flow of information forrecording audio information from one party in accordance with thisinvention.

[0024]FIG. 1E is a block diagram depicting the flow of information forplaying back previously recorded information from one party inaccordance with this invention.

[0025]FIG. 2 is a block diagram showing a preferred embodiment of aserver in accordance with this invention.

[0026]FIG. 3 is a table describing a preferred set of fields for themessage database of FIG. 2.

[0027]FIG. 4 is a table describing a preferred set of fields for themessage access database of FIG. 2.

[0028]FIG. 5A is a table describing a preferred set of fields for thecaller database of FIG. 2.

[0029]FIG. 5B is a table describing a preferred set of fields for themessage archive of FIG. 2.

[0030]FIG. 6 is a high-level flow chart depicting the recording of audioinformation.

[0031]FIGS. 7A and 7B are flow charts depicting the processing of anincoming call and the establishing of connections between the centralserver and the parties.

[0032]FIG. 8 is a flow chart depicting the pre-recording processesperformed in accordance with the present invention.

[0033]FIG. 9 is a flow chart depicting the recording of audioinformation in accordance with the present invention.

[0034]FIG. 10 is a flow chart depicting the end of the recording processin accordance with the present invention, including the distribution ofthe cryptographic keys.

[0035]FIG. 11 is a time line depicting participation in a multi-partycall being recorded in accordance with the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

[0036] FIGS. 1A-1E are included to describe the high-level operation ofthe invention, further details of which are set out herein below.

[0037]FIG. 1A is a system overview of an audio recording system thatapplicants refer to as the “audio vault”. This first-describedembodiment is used to record a conversation between two parties 13 and14 linked to an audio vault 12 via a pair of conventional telephoneconnections 15 and 16. A first telephone connection 15 is establishedwith the first 13 party and a second telephone connection 16 isestablished with the second party 14. The audio vault conferences bothtelephone connections 15 and 16 together so that the two parties 13 and14 can converse with one another. Because two telephone connections 15and 16 are used, the audio vault can send individual information to eachparty without revealing that information to the other party.

[0038] As the parties converse with each other, the audio vault 12monitors the call, digitizes and encrypts the conversation, and recordsthe encrypted information. A message ID, a crypto-key, and access codesare distributed to the parties for subsequent use for playback.

[0039]FIG. 1B depicts the standard playback mode of the audio vault. Inthis mode, any party, 13 or 14 that participated in the originalconversation can play back the recorded conversation. The party calls upthe audio vault, using an ordinary telephone connection 15, and providesthe message ID number, the crypto-key, and their individual access code.The audio vault then decrypts the stored information using thecrypto-key and plays the decrypted conversation back to the party.

[0040] In an alternative embodiment, in lieu of sending the audioinformation over ordinary telephone lines, the participating party canaccess the information via computer network connections or the Internet.In the latter case, the party would provide the required access code andcrypto-key via a website. The audio information would then be downloadedto a terminal.

[0041]FIG. 1C depicts a second playback mode in which modification ofthe recorded information can be affected. In accordance with a featureof the invention, authorization from both of the parties to theconversation must be received before the audio vault can modify storedinformation. Thus, the audio vault can modify or delete a call only ifboth parties 13 and 14 provide their individual access codes to theaudio vault 12 via the respective telephone connections 15 and 16, andat least one of the parties 13 or 14 also provide the message ID numberand the crypto key. The audio vault can not modify a recording withoutauthorization from all of the parties to the recording.

[0042] While the embodiment described above works with two users 13 and14 linked to the audio vault 12 using respective telephone connections15 and 16, the embodiment of the audio vault shown in FIG. 1D operatesto record audio input from a single telephone line. In this embodiment,the audio vault can serve a single user at a remote location.Alternatively, this embodiment may be used to record a conversationbetween multiple parties if the parties place a conference call with asingle connection to the audio vault. In this embodiment, the audiovault 12 receives the audio information on a single connection andprovides the calling party(s) with a single message ID and a crypto-keythat can be used to retrieve the audio information.

[0043] In yet another embodiment, also represented by FIG. 1D, the audiovault is configured as a standalone unit and is not connected to atelephone line. In this embodiment, the audio vault is similar to a taperecorder or a “Voice-It” handheld digital audio recorder, but addscryptography and time stamping to provide security, as explained furtherbelow.

[0044]FIG. 1E represents the playback of information from theembodiments of the audio vault shown in FIG. 1D (i.e. the single linetelephone embodiment or the stand-alone embodiment). When the party 13provides the message ID and the crypto-key, the audio vault 12 willdecrypt and plays back the recorded audio information.

[0045]FIG. 2 is a block diagram of one embodiment of audio vault 12. Theaudio vault includes a CPU 21 that performs the processing functions. Italso includes a read only memory 22 (ROM) and a random access memory 23(RAM). The ROM 22 is used to store at least some of the programinstructions that are to be executed by the CPU 21, such as portions ofthe operating system or BIOS, and the RAM 23 is used for temporarystorage of data. A clock circuit 24 provides a clock signal, which isrequired by the CPU 21. The interconnection and function of a CPU inconjunction with ROM, RAM, and a clock circuit is well known to thoseskilled in the art of CPU-based electronic circuit design.

[0046] The audio vault 12 further includes a communication port 25connected to CPU 21 that enables the CPU 21 to communicate with devicesexternal to the audio vault. In particular, the communication port 25facilitates communication between call center interface (CCI) 26 and theCPU 21, so that information arriving from the CCI 26 can be processed bythe CPU 21, and the CPU 21 can send information to users via the CCI 26.Preferably, the CCI includes a private branch exchange (PBX) 26 a thatcan switch multiple telephone lines, an automatic call distributor (ACD)26 b, and an interactive voice response unit (IVRU) 26 c connected in amanner well known to those skilled in the art of telephonecommunications.

[0047] CPU 21 can also store information to, and read information from,a data storage device 27, such as a magnetic, optical, or equivalenttype storage device. This data storage device 27 includes a messagedatabase 27 a, a message access database 27 b, a caller database 27 c,and a message archive 27 d, which are described below. Optionally, anyof the information that is stored in the data storage device 27 may alsobe stored at a remote location (not shown) to provide a back-up versionin the event of data loss.

[0048] The program that is executed by the CPU 21 (the operation ofwhich is described below) may be stored in the data storage device 27,the RAM 23, or the ROM 22. This program controls the operation of theCPU 21, which in turn controls the operation of the audio vault.

[0049] A cryptographic processor 28 is connected to CPU 21 and datastorage device 27. This cryptographic processor 28 has the capability ofgenerating crypto-keys, and encrypting and decrypting information.

[0050]FIG. 6 is a high-level flow chart depicting the operation of theaudio vault. The process begins in step S10 when a first party (party A)places a call to the audio vault. This incoming call is handled by PBX26 a and the associated ACD 26 b. The call can be a “900” number call,with billing services provided by the service provider, as is knownconventionally with 900 number services. Alternatively, the call can beto a conventional direct dial number or an 800 number, and a customer'scredit card account can be charged for the service. Other billingoptions for the use of the audio vault include, for example, a flatmonthly fee, billing by a long distance service provider, prepaid phonecards, and the like.

[0051] After the first party has established a connection with the audiovault, a connection with the second party (party B) must be established.This is depicted in step S12 where the audio vault 12 places a call toparty B. In this case, the telephone number of party B is provided tothe audio vault 12 by calling party A. Alternatively, instead of havingthe audio vault initiate the call to party B, party B may call in to theaudio vault. In this case, party B provides an identification number orpassword, pre-established between parties A and B, that enables theaudio vault to match party B's call to party A's call, with the audiovault will making the connection between the two calls.

[0052] After the connections are established between the audio vault 12and both parties, the audio vault conferences the two calls together,which provides an audio connection between the parties. This allows theparties to talk directly to each other. At this point nothing is beingrecorded without the consent of all parties to the conversation. If,during the conversation, the parties agree to record their conversation(as shown in step S14), one of the parties sends a recording request tothe audio vault (as shown in step S16). This can be accomplished, forexample, by pressing one or more buttons on a touch tone telephone.Alternatively, the audio vault 12 can be programmed to listen to theconversation using a voice recognition processor to determine when arequest for recording has been made. Receiving the request to initiatethe recording may be accomplished using any number of standardtechniques well known to those skilled in the art. Next, in step S18,the audio vault 12 asks for verification of permission to record fromthe other party. For example, the audio vault 12 may generate an audiostatement querying the second party “Do you agree to begin recording”?The second party may respond using the touch tone keys or with a voicecommand, and the response is interpreted in the same way as the initialrequest to start recording.

[0053] Next, in step S20, the audio vault 12 records the phoneconversation and stores it in the data storage device 27. Theconversation is digitized and encrypted by cryptoprocessor 28, so thatit can only be decrypted using the appropriate decryption key.

[0054] Finally, in step S22, the audio vault provides a message IDnumber and a crypto-key to the parties. The message ID and crypto-keycan be used subsequently to retrieve the encrypted information recordedby the parties during the call. While depicted as being provided at theend of the call, the message ID and crypto-key could also be provided atany time during the call.

[0055]FIG. 3 depicts a message database 27 a, which is used to describeeach message stored by the audio vault. The fields of this databaseinclude a message ID number, the name and telephone number of the firstcalling party (who initiated the call), the telephone number of thesecond party, the date of the call, the message start time and end time,and a security level for the stored data.

[0056] A unique message ID number is assigned to each stored message.The message ID number is used as an index into the message database 27a, as well as the message access database 27 b and the message archive27 d and it may be used to retrieve the message from the messagearchive. The message ID number also appears as an entry in the callerdatabase 27 c.

[0057] The remaining fields of the message database describe the variousparameters associated with each stored message. The telephone number ofall incoming calls may be extracted by the ACD using automatic numberidentification (ANI). The telephone number of any call placed by theaudio vault is, of course, known in advance. The name of the first partymay be determined by using the first party's telephone number as anindex into a look up table. Alternatively, it may be determined usingcaller ID or by asking the caller, via the IVRU, to input his name. Thedate, starting time, and ending time of the message are generated byclock 24 and stored in message database 27 a.

[0058] Different levels of security may be provided by the audio vault,and the security level for each recorded call is stored in the messagedatabase 27 a. For example, one level of security could be digitallystoring and encrypting the audio information. With this level ofsecurity, the caller must provide a crypto-key to retrieve and decryptthe stored message in addition to the message ID number. A higher levelof security could be obtained if the key is only provided to a thirdparty such as the court or an attorney. In this case, only the thirdparty will be able to access the message once it has been stored by theuser. Another level of security could allow access to the message onlywhen one or more access codes are provided. Other levels of security canbe readily envisioned. The security level field may also be used todescribe the format of the encryption, if multiple encryption optionsare provided.

[0059]FIG. 4 shows a message access database 27 b that includes a recordfor each recorded message, and is used to store the first and secondparty message access codes for each message. Every recorded message hasan associated record in this database, indexed by the message ID number.The first party access code and the second party access code are stored.

[0060] The access codes may be used to provide increased security forcertain embodiments of the audio vault 12. In one embodiment, access toplayback of the message will be granted if either the first party accesscode or the second party access code is provided to the audio vault.Access to modify the message, however, will only be granted if both thefirst party access code and the second party access code are provided.

[0061] Other embodiments of the audio vault do not require a messageaccess code to access the message, and will allow access using only thecrypto-key and the message ID number. Other message access arrangementscan be readily envisioned.

[0062] While the various message access arrangements are described abovein terms of alternative embodiments, the audio vault can be implementedto allow a different access option for each stored message on anindividual basis. The security level field in the message database maybe used to store the message access option to be used for each message.Alternatively, an additional field may be added to the message accessdatabase 27 b for this purpose.

[0063]FIG. 5a depicts the fields of a caller database 27 c which is usedto index all messages by individual callers or customers. This databaseincludes fields for the name of the caller and a caller identificationnumber that is uniquely assigned to each caller. The ANI field storesthe telephone number of the caller, and it can be used to identify acaller from the ANI information received from incoming calls. Finally, alist of all the message ID numbers associated with each caller is alsostored in the caller database 27 c. This database can be accessed bycaller name to provide a list of messages that belong to a given caller.It can also be accessed by message ID number to determine the name ofthe caller for any given message.

[0064]FIG. 5b depicts the message archive 27 d that is used to store themessages themselves. The message archive has a record for each message,which allows the message to be retrieved using the message ID number.Although the messages depicted in the figure are short, longer messagesmay also be stored in the message archive, as the primary function ofthe message archive is to store the digitized and encrypted audioinformation (i.e., the contents of a conversation). Optionally,additional data may be stored in the message archive 27 d together withthe message, either embedded in the message, or in separate fields. Thisadditional data could include, for example, any of the data that isstored in the databases described above.

[0065] Alternatively, the message may be stored directly in the messagedatabase, and the message archive can be omitted.

[0066]FIGS. 7A and 7B depict the process of establishing the connectionsbetween the parties and the audio vault and the processing of callerinformation by the audio vault. Where a party places a call to the audiovault service, the call arrives, as an incoming call, at call center PBX26 a associated with the audio vault in step S30. The PBX extracts thetelephone number of the incoming call using automatic numberidentification (ANI). In step S32 the PBX 26 a stores the caller'snumber locally in caller database 27 c and decides how to process thecall based on rules programmed in the ACD. Next, in step S34, the audiovault obtains information about the incoming caller. This isaccomplished by connecting the call to an IVRU 26 c. The IVRU 26 cprompts the caller with questions regarding the purpose of the call, andthe responses to these questions determine the functions to be performedby the audio vault 12. For example, the IVRU 26 c can requestinformation about the number of parties to be included in the call, andthe level of security to be associated with the call. The IVRU 26 c mayalso request personal information about the first party (the party whoinitiated the call), the telephone number of the other party to beincluded in the call, and optional additional information about theother party. In step S36, the IVRU 26 c captures the response of thefirst party to the questions asked in step S34. The responses to thesequestions are processed by the ACD, where it is determined what actionmust be taken in order to fulfill the terms of the caller. Steps S34 andS36 may be repeated as many times as necessary when multiple pieces ofinformation must be obtained. The IVRU 26 would thus prompt the callerfor the first piece of information, then receive the first information.Subsequently, the IVRU 26 c would prompt for and receive a second pieceof information. This process continues until the IVRU has captured allof the required information.

[0067] In step 38, the ACD 26 b instructs PBX 26 a to forward theincoming call to a holding queue. The personal information, the secondparty's phone number, and the purpose of the call are all stored in theappropriate record and remain logically linked with the call. The calldata is then transferred to the central controller. In step S40, the ACD26 b instructs the PBX 26 a to place a call to the second party, and thePBX 26 a initiates the call in step S42. When the call is connected, itis routed to the IVRU 26 c which will extract the appropriateinformation from the second party (similar to the information extractedfrom the first party). In step S44, the ACD 26 b takes the informationreceived from the second party and stores it locally in a callerdatabase 27 c. The ACD also transmits this information to the audiovault central controller. After processing the information from thesecond caller, in step S46 ACD 26 b conferences the call from the firstparty and the second party together. Communication between the partiescan then proceed as it would with an ordinary telephone conversation. Instep S48, ACD 26 b connects this two-party conference call to the audiovault central controller via the communication port 25. At this point,the audio vault 12 monitors the conversation between the two parties viathe communication port 25, but does not record the conversation.

[0068] As an alternative to having the audio vault initiate the secondcall (as depicted in step S40), the audio vault can wait for a secondincoming call to arrive. With this arrangement, the parties must agreebetween themselves to call the audio vault at the same time, so thattheir calls can be connected and recorded by the audio vault. When thisarrangement is used, the incoming calls may be matched with one anotherusing a prearranged identifier that is extracted via the IVRU 26 c.

[0069]FIG. 8 depicts the initiation of the recording process, assumingan ongoing conversation has already been set up by the audio vault. Instep S50, the communication between the second parties reaches a pointwhere they wish to begin recording their conversation. Either party caninitiate the recording by sending a signal to the audio vault 12, instep S52, requesting the audio vault to begin recording. This may beaccomplished by pressing an appropriate key on a touch tone telephonekeypad. The IVRU 26 c will capture the keystroke and send it to the ACD26 b. In step S54, ACD 26 b receives the digits captured by the IVRU 26c. Of course, instead of using a keystroke on a touch tone phone, othermethods may be used to initiate the recording. For example, the audiovault may recognize for the phrase “begin recording” using voicerecognition. Numerous other methods for activating the recordingfunction of the audio vault will be apparent to those skilled in theart.

[0070] In step S56, the ACD 26 b commands the IVRU 26 c to play apre-recorded notice indicating that recording will begin shortly, andasking the parties to consent to the recording. In step S58, the partiesindicate that they agree to have their conversation recorded by eitherpressing an appropriate button on the touch tone phone or by a voiceresponse similar to the voice response described above. In step S60, theIVRU 26 c captures the response of the parties and forwards it to ACD 26b. If they have so agreed, the ACD 26 b then notifies the centralcontroller that the parties have agreed to have their conversationrecorded. Permission to record could take place earlier, be built intoregistration, or skipped altogether if laws permit.

[0071] In step S62, the central controller CPU 21 checks the clock 24and determines the exact starting time of the recording. The centralcontroller then stores this starting time in the message database 27 a.In step S64, the CPU 21 assigns a message ID number to the call. It alsocreates a new record in the message database 27 b, which can be accessedusing the message ID number. Then, in step S66, recording of the callbegins.

[0072]FIG. 9 depicts the process of recording information in the audiovault. In step S70, the audio content of the conversation is receivedvia a caller interface such as IVRU 26 c coupled to ACD 26 b, andtransmitted to the CPU 21 by the ACD 26 b. In step S72, the audiomessage signal, which until now has been maintained in an analog format,is converted to digital data by CPU 21. In step S74, the digitized audiomessage data is encrypted by cryptographic processor 28. The date andthe exact time of the call is embedded in the digitized audio data. Instep S76, the encrypted digital audio content of the conversation isstored in the message archive 27 d. This step continues as long asadditional audio information continues to arrive from the parties.Additional time stamps, similar to the one embedded in step S74, may beadded to the audio data at various intervals. Further, callerinformation such as name, telephone number, caller ID and the like, canbe incorporated into the encrypted message to provide an additionallevel of security.

[0073] Referring now to FIG. 10, when a party wishes to stop therecording, the party presses a key on a touch tone telephone, asdepicted in step S80. In step S82, IVRU 26 c will capture this touchtone command and ACD 26 b will notify the central controller that therecording should be terminated. Likewise, if the line or connection isdropped, the recording is terminated. In step S84, the centralcontroller receives the final portion of the audio transmission, andthen completes the encryption of the digitized message. Optionally, anadditional time stamp may be embedded in the audio information at thispoint. In step S86, the CPU 21 instructs the cryptographic processor 28(shown in FIG. 2) to generate a symmetric key. In step S88, thecryptographic processor 28 generates a symmetric key that willultimately be used to decrypt the encrypted information. In step S90,the CPU 21 transmits the symmetric cryptographic key to the IVRU 26 c.The CPU 21 also transmits a message ID number to the IVRU 26 c. Finally,in step S92, the symmetric key and the message ID number are distributedby having the IVRU 26 c provide them in audio format to the partiesparticipating in the call.

[0074] In the embodiment described above, one key and message ID numberis provided to each of the parties to the conversation. Any party to theconversation can subsequently use the key and the message ID number toretrieve the conversation. In one embodiment, in order to maintain theintegrity and security of the message, none of the parties may authorizethe deletion or modification of the recorded message.

[0075] In an alternative embodiment modifications of the message can berequested by the participants in the conversation. This embodiment usesa set of access codes in addition to the message ID and decryption key.Each party to the conversation receives a unique access code, and anygiven party does not know the access codes of the other parties. Onlywhen all of the access codes have been collected by the audio vault willthe audio vault permit the modification of a recording. It should benoted that in this embodiment, the same crypto-key and message ID areprovided to each of the parties, and any party can obtain playback ofthe conversation by providing the message ID, the crypto-key, and theirunique access code. The system may also be configured to allow playbackusing only the crypto-key and the message ID, without providing anaccess code. This may be useful, for example, when an employer wants hisemployees to have access to play a recording only, without authorizingthe employees to modify the recorded information.

[0076] Another embodiment of this invention uses two crypto-keys and asingle message ID for each recorded conversation. The message isencrypted so that either of the two keys will enable the audio vault todecrypt the recording. The message ID plus a one of the two crypto keysare distributed to each party. When the system is implemented in thismanner, any party can play back a message by providing his decryptionkey and the message ID to the audio vault. When both crypto-keys arereceived, the system will also authorize modification or deletion of therecorded message. No access codes are needed in this embodiment.

[0077] Yet another embodiment of this invention is provided for usewhere multiple parties participate in different sections of a singleconversation. In this embodiment, the audio vault provides each partywith access to only those portions of the conversation in which heparticipated. For example, a conversation may occur in which party Aspeaks with party B for one minute. Then, party C is conferenced intothe call, and the conversation continues for an additional minute. Next,party B hangs up, and parties A and C continue to speak for anadditional minute. In this example, party A was present during the wholeconversation, party B was present for only the first two minutes, andparty C was present for only the last two minutes. This is representedschematically in FIG. 11, where the x-axis represents time (in minutes).

[0078] By storing a digitized encrypted copy of the conversationcustomized for each participant, the audio vault can selectively provideplayback access to only those portions of the conversation in which agiven party participated. In this example, because party A participatedduring the whole conversation, A's copy will contain all three minutesof the conversation. Because party B participated in only the first twominutes of the conversation, B's copy will contain only those twominutes. Similarly, because party C participated in only the last twominutes of the conversation, C's copy will contain only those twominutes.

[0079] In a further extension of this embodiment, the audio vault 12stores the input received from each individual line as a separatemessage with its own message ID. Thus, the words produced by eachparticipant are stored separately. In a conversation between fourpeople, it would thus be possible for one party to hear the conversationof three participants, but be precluded from listening to the fourthparticipant. Using the example depicted in FIG. 11, there are threeseparate lines coming into the audio vault 12. Each line has its ownunique stream of digital data being stored in separate records in themessage archive. If party B wants access to his segment of theconversation, the Audio vault 12 retrieves the appropriate segment andprovides the data to him. If party B wants to hear the input from partyA and party C as well, they would need to provide the necessary accessmeans for him to listen to their segments of the conversation.

[0080] Selective access can be implemented by providing a uniquecrypto-key and access code to each participant, which will enable him toaccess only his customized copy of the conversation.

[0081] While the embodiments described above involve two or threecallers connected to the audio vault on separate telephone lines, theseembodiments can be easily extended to serve any number of callersconnected on separate telephone lines.

[0082] An alternative embodiment using only one telephone line may alsobe implemented, as depicted in FIG. 1D. This embodiment may be used byindividuals to unilaterally record information in a secure manner. Theoperation is as described above, the message received from the simpleconnection and the only one message ID and crypto-key being generated.The system could be used, for example, to record a last will andtestament. Optionally, the crypto-key could be provided to a trustedthird party such as an attorney. The system could also be used to recordan invention disclosure to prove that a person conceived of an inventionbefore a given date. Other applications can be readily envisioned.

[0083] The single telephone line embodiment can also be used to recordtwo-party conversations if the parties to an ordinary telephoneconversation place a conference call to the audio vault. The audio vaultwould then receive this conference call on a single telephone line. Inthis embodiment, however, the audio vault will not be able toautomatically determine the identity of all of the parties. Accordingly,the audio vault can query the parties and ask them to provide theirtelephone numbers or other identifying information using the IVRUcapabilities. The audio vault could identify the parties using a voicerecognition system, or only provide one crypto-key and message ID foruse by all of the callers.

[0084] As yet another alternative embodiment, also depicted in FIG. 1D,the audio vault may be implemented as a stand-alone device that is notconnected to a telephone line. In this embodiment, the audio vault willresemble a traditional digital audio recorder but will further include acryptographic processor, input means (such as a keyboard or a voicerecognition unit) for receiving identification information from theusers, and output means for providing cryptographic keys to the user.The output means could include, for example, a speech synthesis circuitor an alphanumeric display. This stand-alone audio vault can also embedtime stamps into the digitally stored and encrypted information. Thetime stamping information may be derived locally from an internal,tamper proof clock. Alternatively, the time stamp information may bereceived via radio transmissions from a remote location. The systemcould further obtain location information from a global positioningsatellite (GPS) system or by triangulating cellular phone signals, andthis location information can be recorded along with the audioinformation.

[0085] Numerous modifications to the embodiments described above can bereadily envisioned. For example, audio vault may be implemented on aninternal corporate telephone system. Or instead of using telephone linesto connect the users to the server, a computer network connection may beused to link parties that own computers. In a further embodiment, thepresent invention may also be implemented by connecting to the partiesover the Internet, where communications are transmitted in packets.

[0086] In another embodiment, the timestamp associated with each storedmessage also includes representations of one or more previous messagetimestamps, to provide an additional degree of message timestampassurance. For example, a hash value of the last three timestamps can bestored in memory for incorporation into the current timestamp. The hashvalues are calculated by applying a hash algorithm to the cleartexttimestamps. The following example illustrates this technique. Fourmessages are received and stored by the audio vault with the firstmessage stored at nine hours, thirty-one minutes and twenty seconds(“09:31:20”). The second, third, and fourth messages are stored at09:31:50, 09:32:10, and 09:32:30, respectively. The timestamp hash valueassociated with the fourth message received is computed as follows:

Fourth Message Timestamp Hash Value=Hash (09:31:20)+Hash (09:31:50)+Hash(09:32:10)+Hash (09:32:30)

[0087] Thus, the hash values for each message relate to their respectiveprevious three messages. Such hash chaining discourages fraudulentmodification of timestamps.

[0088] Suppose a forger discovers the private key used to encrypt thetimestamp of the message stored at 09:31:50 and uses it to change boththe cleartext and hashed parts of the timestamp. A suspicious partycould then challenge the integrity of the 09:31:50 timestamp byrecomputing the appropriate timestamp hash values of the subsequentthree stored messages. If the recomputed hash values do not match theexpected hash values, the 09:31:50 timestamp is demonstrated to havebeen altered. When tampering is generally suspected but no specifictimestamp is in question, an altered timestamp can be determined byrecomputing the most recent stored timestamp and continuing backwardsuntil three successive incorrect timestamps are found. Of course, theforger could theoretically change all the timestamps in the chainedhash, but this would require more effort than changing just the desiredone, and would increase the chances of detection.

[0089] In addition to hashing the timestamp associated with eachmessage, the audio vault may compute the hash value of the stored audiosignals, incorporating the hash values into the timestamp of subsequentmessages, or even into the stored audio of subsequent messages. Attemptsto alter a message would therefore be evident from the recalculation ofsubsequent hash values. The uses and advantages of hash functions arediscussed generally in Schneier, “Applied Cryptography” (2d ed. 1996),chapter 18. Suitable conventional hash algorithms include the SecureHash Algorithm (SHA) developed by the National Institute of Standardsand Technology.

[0090] Certain well-known enhancements to public key cryptography canalso be used to provide greater security. For example, the message couldinclude a digital certificate for public key distribution to a partiesthat do not know the message public key needed to verify a timestampencrypted with the message private key. In such a digital certificate,the message public key is encrypted (and vouched for) by the private keyof a trusted whose public key is known to the recipient. The recipientuses the certifier's public key to decrypt the message public key, thenuses the message public key to verify the timestamp. Alternatively, therecipient could simply obtain the message public key from a publiclyaccessible database, eliminating the need for digital certification.

[0091] To provide an additional measure of security, digital signaturesmay be generated and stored in the message database, or alternativelyembedded in the audio information stored in the message archive.

[0092] To this point, asymmetric (public key) encryption has beendiscussed in the context of the various cryptographic operations.However, symmetric key (e.g., DES) key encryption is also possible,either as a replacement for, or adjunct to (e.g., a symmetric sessionkey transmitted using public key cryptography) public key cryptography.

[0093] The uses and advantages of digital signatures are discussedgenerally in Schneier, “Applied Cryptography” (2d ed. 1996), chapter 2.

[0094] By providing a system as described above, the audio vault canmaintain audio records that are authenticatable as to both time andcontent of a conversation.

[0095] While the invention has been described above in terms of specificembodiments, it is to be understood that the invention is not limited tothe disclosed embodiments. On the contrary, this invention is intendedto cover various modifications and equivalent structures included withinthe spirit and scope of the appended claims.

We claim:
 1. A secure audio signal storage apparatus comprising: asignal receiving interface for receiving audio signals from a signalsource; an encryption processor for encrypting the received audiosignals; a storage device for storing the encrypted audio signals; acrypto-key generator for generating a crypto-key and transmitting thecrypto-key to a destination, wherein the crypto-key can be used todecrypt the encrypted audio signals; a message ID generator forgenerating a message ID associated with the stored audio signals andtransmitting the message ID to the destination; and a database forstoring the message ID and associating the message ID with the storedaudio signals.
 2. The apparatus according to claim 1, furthercomprising: a crypto-key receiving interface for receiving thecrypto-key; a decryption processor for decrypting the stored encryptedaudio signals using the crypto-key; and a signal transmitting interfacefor transmitting the decrypted audio signals to a signal destination. 3.The apparatus according to claim 2, wherein the storage device comprisesa file server for storing a plurality of messages, each of said messagescomprising encrypted audio signals.
 4. The apparatus according to claim1, wherein said signal receiving interface comprises a microphone. 5.The apparatus according to claim 1, wherein said signal receivinginterface comprises a telephone line interface.
 6. The apparatusaccording to claim 1, wherein said signal receiving interface comprisesa computer network connection.
 7. The apparatus according to claim 1,further comprising a controller adapted to embed a time stamp in theencrypted audio signals.
 8. The apparatus according to claim 1, furthercomprising a controller adapted to embed a plurality of chained hashtime stamps in the encrypted audio signals.
 9. The apparatus, accordingto claim 1, further comprising a controller adapted to store a digitalsignature associated with the stored audio signals.
 10. A secure audiosignal storage apparatus comprising: an audio signal receiving interfacefor receiving first audio signals from a first audio signal source, andfor receiving second audio signals from a second audio signal source; anencryption processor for encrypting the received audio signals; an audiosignal storage device for storing the encrypted audio signals; acrypto-key generator for generating a crypto-key and transmitting thecrypto-key to a first destination and a second destination, wherein thecrypto-key can be used to decrypt the encrypted audio signals; a messageID generator for generating a message ID associated with the storedaudio signals and transmitting the message ID to the first destinationand the second destination; and a database for storing the message IDand associating the message ID with the stored audio signals.
 11. Theapparatus according to claim 10, further comprising: a crypto-keyreceiving interface for receiving crypto-keys; a message ID receivinginterface for receiving message IDs; a controller for retrieving thestored audio signals based on the message ID received by said message IDreceiving interface; a decryption processor for decrypting the storedaudio signals using the crypto-key received by said crypto-key receivinginterface; and an audio signal transmitting interface for transmittingthe decrypted audio signals to an audio signal destination.
 12. Theapparatus according to claim 11, further comprising: an access codecontroller for generating a first access code and a second access code,storing the access codes in the database so that the access codes areassociated with the stored audio signals, transmitting the first accesscode to the first destination, and transmitting the second access codeto the second destination; an access code receiving interface forreceiving at least one of the first access code and the second accesscode; and an authorizer for authorizing playback of the stored audiosignals when said access code receiving interface receives an accesscode that matches at least one of the first access code and the secondaccess code.
 13. The apparatus according to claim 12, wherein theauthorizer permits the modification and deletion of the stored audiosignals when said access code receiving interface receives an accesscode that matches the first access code and an access code that matchesthe second access code.
 14. The apparatus according to claim 10, whereinsaid audio signal receiving interface comprises a first telephone lineand a second telephone line.
 15. The apparatus according to claim 10,wherein said audio signal receiving interface comprises a first computernetwork connection and a second computer network connection.
 16. Theapparatus according to claim 10, further comprising a controller adaptedto embed a time stamp in the encrypted audio signals.
 17. The apparatusaccording to claim 10, further comprising a controller adapted to embeda plurality of chained hash time stamps in the encrypted audio signals.18. The apparatus according to claim 10, further comprising a controlleradapted to store a digital signature in the database, associated withthe stored audio signals.
 19. A secure audio signal storage apparatuscomprising: an audio signal receiving interface for receiving firstaudio signals from a first audio signal source, and for receiving secondaudio signals from a second audio signal source; an encryption processorfor encrypting the received audio signals; an audio signal storagedevice for storing the encrypted audio signals; a crypto-key generatorfor generating a first crypto-key and transmitting the first crypto-keyto a first destination, and for generating a second crypto-key andtransmitting the second crypto-key to a second destination, whereineither of the crypto-keys can be used to decrypt the encrypted audiosignals; a message ID generator for generating a message ID associatedwith the stored audio signals and transmitting the message ID to thefirst destination and the second destination; and a database for storingthe message ID and associating the message ID with the stored audiosignals.
 20. The apparatus according to claim 19, further comprising: acrypto-key receiving interface for receiving crypto-keys; a message IDreceiving interface for receiving message IDs; a controller forretrieving the stored audio signals based on the message ID received bysaid message ID receiving interface; a decryption processor fordecrypting the stored audio signals using at least one of the firstcrypto-key and the second crypto-key received by said crypto-keyreceiving interface; and an audio signal transmitting interface fortransmitting the decrypted audio signals to an audio signal destination.21. The apparatus according to claim 20, further comprising: anauthorizer for authorizing playback of the stored audio signals whensaid crypto-key receiving interface receives a crypto-key that matchesat least one of the first crypto-key and the second crypto-key.
 22. Theapparatus according to claim 21, wherein the authorizer permits themodification and deletion of the stored audio signals when saidcrypto-key receiving interface receives a crypto-key that matches thefirst crypto-key and a crypto-key that matches the second crypto-key.23. The apparatus according to claim 19, wherein said audio signalreceiving interface comprises a first telephone line and a secondtelephone line.
 24. The apparatus according to claim 19, wherein saidaudio signal receiving interface comprises a first computer networkconnection and a second computer network connection.
 25. The apparatusaccording to claim 19, further comprising a controller adapted to embeda time stamp in the encrypted audio signals.
 26. The apparatus accordingto claim 19, further comprising a controller adapted to embed aplurality of chained hash time stamps in the encrypted audio signals.27. The apparatus according to claim 19, further comprising a controlleradapted to store a digital signature in the database, associated withthe stored audio signals.
 28. A secure audio signal storage apparatuscomprising: a plurality of audio signal receiving interfaces forreceiving a plurality of audio signals from a plurality of audio signalsources; an encryption processor for encrypting the plurality ofreceived audio signals and outputting a plurality of encrypted audiosignals, each encrypted audio signal corresponding to a time duringwhich a given one of the audio signal receiving interfaces is active; anaudio signal storage device for storing each of the plurality ofencrypted audio signals; a crypto-key generator for generating aplurality of crypto-keys and transmitting each of the crypto-keys to arespective destination, wherein each of the crypto-keys can be used todecrypt a respective encrypted audio signal; a message ID generator forgenerating a plurality of message IDs, each of the message IDsassociated with a respective encrypted audio signal; and a database forstoring each of the message IDs and associating each of the message IDswith a respective encrypted audio signal.
 29. The apparatus according toclaim 28, further comprising: a crypto-key receiving interface forreceiving crypto-keys; a message ID receiving interface for receivingmessage IDs; a controller for retrieving a stored audio signal based onthe message ID received by said message ID receiving interface; adecryption processor for decrypting the stored audio signal using acrypto-key received by said crypto-key receiving interface; and an audiosignal transmitting interface for transmitting the decrypted audiosignal to an audio signal destination.
 30. The apparatus according toclaim 28, wherein each of said audio signal receiving interfacescomprises a telephone line.
 31. The apparatus according to claim 28,wherein each of said audio signal receiving interfaces comprises acomputer network connection.
 32. The apparatus according to claim 28,further comprising a controller adapted to embed a time stamp in each ofthe plurality of encrypted audio signals.
 33. The apparatus according toclaim 28, further comprising a controller adapted to embed a pluralityof chained hash time stamps in each of the plurality of encrypted audiosignals.
 34. The apparatus according to claim 28, further comprising acontroller adapted to store a digital signature in the database,associated with at least one of the plurality of encrypted audiosignals.
 35. A system for recording audio communications, comprising:means for establishing an audio connection with a calling party; meansfor receiving an audio communication over said audio connection fromsaid calling party; means for encrypting said audio communication toprovide an encrypted audio communication; means for storing saidencrypted audio communication; and means for providing a code fordecrypting said encrypted audio communication to said calling party. 36.The system according to claim 35, wherein said means for establishing anaudio connection comprises means for establishing a telephoneconnection.
 37. The system according to claim 35 wherein said means forestablishing an audio connection comprises a computer network connectionand means for transmitting audio data over said computer networkconnection.
 38. The system according to claim 35, further comprisingmeans for embedding a time stamp in the encrypted audio communication.39. The system according to claim 35, further comprising means forembedding a plurality of chained hash time stamps in the encrypted audiocommunication.
 40. The system according to claim 35, further comprisingmeans for storing a digital signature associated with the encryptedaudio communication.
 41. The system according to claim 35, furthercomprising: means for receiving said code from a party; and means fordecrypting the encrypted audio communication using said code.
 42. Asystem for recording audio communications, comprising: means forestablishing an audio connection with at least two parties; means foraccessing an audio communication between said at least two parties;means for encrypting said audio communication to provide an encryptedaudio recording; means for generating a key which can be used to decryptsaid encrypted audio recording; means for generating at least two accesscodes, any of which can be used to obtain access to said encrypted audiorecording; and means for transmitting said key to said at least twoparties and for transmitting said at least two access codes respectivelyto said at least two parties such that each party receives a uniqueaccess code.
 43. The system according to claim 42, wherein said meansfor establishing an audio connection comprises means for establishing ana telephone connection.
 44. The system according to claim 42, whereinsaid means for establishing an audio connection comprises a computernetwork connection and means for transmitting audio data over saidcomputer network connection.
 45. The system according to claim 42,further comprising means for embedding a time stamp in the encryptedaudio recording.
 46. The system according to claim 42, furthercomprising means for embedding a plurality of chained hash time stampsin the encrypted audio communication.
 47. The system according to claim42, further comprising means for storing a digital signature associatedwith the encrypted audio communication.
 48. The system according toclaim 42, further comprising: means for receiving a telephone call fromone of said at least two parties; means for receiving one of said atleast two access codes from said one of said at least two parties; meansfor receiving said key from said one of said at least two parties; meansfor using said one of said at least two access codes to gain access tosaid encrypted audio recording; and means for using said key to decryptsaid encrypted audio recording.
 49. The system according to claim 48,wherein each of said at least two access codes is specific to aparticular encrypted audio recording and a particular party.
 50. Asystem for recording audio communications, comprising: means forestablishing an audio connection with at least two parties; means foraccessing an audio communication between said at least two parties;means for encrypting said audio communication to provide an encryptedaudio recording; means for generating at least two keys, any of whichcan be used to decrypt said encrypted audio recording; and means fortransmitting said at least two keys respectively to said at least twoparties such that each party receives a unique key.
 51. The systemaccording to claim 50, wherein said means for establishing an audioconnection comprises means for establishing an a telephone connection.52. The system according to claim 50, wherein said means forestablishing an audio connection comprises a computer network connectionand means for transmitting audio data over said computer networkconnection.
 53. The system according to claim 50, further comprisingmeans for embedding a time stamp in the encrypted audio recording. 54.The system according to claim 50, further comprising means for embeddinga plurality of chained hash time stamps in the encrypted audiocommunication.
 55. The system according to claim 50, further comprisingmeans for storing a digital signature associated with the encryptedaudio communication.
 56. The system according to claim 50, furthercomprising: means for receiving a telephone call from one of said atleast two parties; means for receiving one of said at least two keysfrom said one of said at least two parties; and means for using said oneof said at least two keys to decrypt said encrypted audio recording. 57.The system according to claim 56, wherein each of said at least two keysis specific to a particular encrypted audio recording and a particularparty.
 58. A process for recording an audio communication, comprisingthe steps of: establishing an audio connection between at least twoparties and a remote recording device; transmitting an audiocommunication between said at least two parties for recording by saidremote recording device; and receiving from said recording device, foreach of said at least two parties, a message ID, a cryptographic key,and one of a plurality of access codes, wherein said message ID, saidcryptographic key, and any one of said plurality of access codes isrequired for future playback of the audio communication recorded by saidremote recording device.
 59. The process according to claim 58, whereinsaid step of establishing an audio connection comprises establishing atelephone connection.
 60. The process according to claim 58, whereinsaid step of establishing an audio connection comprises the steps ofestablishing a computer network connection and transmitting audio dataover said computer network connection.
 61. The process according toclaim 59, wherein said step of establishing a telephone connectioncomprises the steps of: establishing a telephone connection between saidat least two parties; and subsequently establishing a telephoneconnection between said at least two parties and said remote recordingdevice.
 62. The process according to claim 59, wherein said step ofestablishing a telephone connection comprises the steps of: establishinga telephone connection between a first party and said remote recordingdevice; and subsequently establishing a telephone connection between asecond party and said remote recording device.
 63. The process accordingto claim 58, further comprising the steps of: establishing a telephoneconnection with said remote recording device; transmitting said messageID, said cryptographic key, and one of said plurality of access codes tosaid remote recording device; and receiving a playback of the audiocommunication recorded by said remote recording device.
 64. The processaccording to claim 58, further comprising the step of transmittingdigital signatures from said at least two parties to said remoterecording device.
 65. The process according to claim 58, furthercomprising the step of transmitting a digital signature from one of saidat least two parties to said remote recording device.
 66. A process forrecording audio signals, comprising the steps of: receiving audiosignals from a signal source; encrypting the received audio signals;storing the encrypted audio signals; generating a crypto-key andtransmitting the crypto-key to a destination, wherein the crypto-key canbe used to decrypt the encrypted audio signals; generating a message IDassociated with the stored audio signals and transmitting the message IDto the destination; and storing the message ID and associating themessage ID with the stored audio signals.
 67. The process according toclaim 66, further comprising the steps of: receiving the crypto-key;decrypting the stored encrypted audio signals using the crypto-key; andtransmitting the decrypted audio signals to a signal destination. 68.The process according to claim 66, further comprising the step ofembedding a time stamp in the encrypted audio signals.
 69. A process forrecording audio signals, comprising the steps of: receiving audiosignals from a first audio signal source and a second audio signalsource; encrypting the received audio signals; storing the encryptedaudio signals; generating a crypto-key and transmitting the crypto-keyto a first destination and a second destination, wherein the crypto-keycan be used to decrypt the encrypted audio signals; generating a messageID associated with the stored audio signals and transmitting the messageID to the first destination and the second destination; and storing themessage ID and associating the message ID with the stored audio signals.70. The process according to claim 69, further comprising the steps of:receiving a crypto-key; receiving a message ID; retrieving the storedaudio signals based on the received message ID; decrypting the storedaudio signals using the received crypto-key; and transmitting thedecrypted audio signals to an audio signal destination.
 71. The processaccording to claim 70, further comprising the steps of: generating afirst access code and a second access code; storing the access codes inthe database so that the access codes are associated with the storedaudio signals; transmitting the first access code to the firstdestination, and transmitting the second access code to the seconddestination; receiving an access code; and authorizing playback of thestored audio signals when the received access code matches at least oneof the first access code and the second access code.
 72. The processaccording to claim 71, further comprising the step of authorizingmodification and deletion of the stored audio signals after the firstaccess code and the second access code is received.
 73. The processaccording to claim 69, further comprising the step of embedding a timestamp in the encrypted audio signals.
 74. A process for recording audiosignals, comprising the steps of: receiving first audio signals from afirst audio signal source, and receiving second audio signals from asecond audio signal source; encrypting the received audio signals;storing the encrypted audio signals; generating a first crypto-key andtransmitting the first crypto-key to a first destination, and generatinga second crypto-key and transmitting the second crypto-key to a seconddestination, wherein either of the crypto-keys can be used to decryptthe encrypted audio signals; generating a message ID associated with thestored audio signals and transmitting the message ID to the firstdestination and the second destination; and storing the message ID andassociating the message ID with the stored audio signals.
 75. Theprocess according to claim 74, further comprising the steps of:receiving one of the first crypto-key and the second crypto-key;receiving a message ID; retrieving the stored audio signals based on thereceived message ID; decrypting the stored audio signals using thereceived crypto-key; and transmitting the decrypted audio signals to anaudio signal destination.
 76. The process according to claim 75, furthercomprising the steps of: authorizing playback of the stored audiosignals when the received crypto-key matches at least one of the firstcrypto-key and the second crypto-key.
 77. The process according to claim76, further comprising the step of authorizing modification and deletionof the stored audio signals when both the first crypto-key and thesecond crypto-key are received in said receiving step.
 78. The processaccording to claim 74, further comprising the step of embedding a timestamp in the encrypted audio signals.
 79. A process for recording audiosignals, comprising the steps of: receiving a plurality of audio signalsfrom a plurality of audio signal sources; encrypting the plurality ofreceived audio signals and outputting a plurality of encrypted audiosignals, each encrypted audio signal corresponding to a time duringwhich a given one of the audio signal sources is active; storing each ofthe plurality of encrypted audio signals; generating a plurality ofcrypto-keys and transmitting each of the crypto-keys to a respectivedestination, wherein each of the crypto-keys can be used to decrypt arespective encrypted audio signal; generating a plurality of messageIDs, each of the message IDs associated with a respective encryptedaudio signal; and storing each of the message IDs and associating eachof the message IDs with a respective encrypted audio signal.
 80. Theprocess according to claim 79, further comprising the steps of:receiving a crypto-key; receiving a message ID; retrieving a storedaudio signal based on the received message ID; decrypting the storedaudio signal using the received crypto-key; and transmitting thedecrypted audio signal to an audio signal destination.
 81. The processaccording to claim 79, further comprising the step of embedding a timestamp in each of the plurality of encrypted audio signals.
 82. A processfor recording audio communications, comprising the steps of:establishing an audio connection with a calling party; receiving anaudio communication over the audio connection from the calling party;encrypting the audio communication to provide an encrypted audiocommunication; storing the encrypted audio communication; and providinga code for decrypting the encrypted audio communication to the callingparty.
 83. The process according to claim 82, further comprising thestep of embedding a time stamp in the encrypted audio communication. 84.The process according to claim 82, further comprising the steps of:receiving the code from a party; and decrypting the encrypted audiocommunication using the code.
 85. A process for recording audiocommunications, comprising the steps of: establishing an audioconnection with at least two parties; accessing an audio communicationbetween the at least two parties; encrypting the audio communication toprovide an encrypted audio recording; generating a key which can be usedto decrypt the encrypted audio recording; generating at least two accesscodes, any of which can be used to obtain access to the encrypted audiorecording; and transmitting the key to the at least two parties andtransmitting the at least two access codes respectively to the at leasttwo parties such that each party receives a unique access code.
 86. Theprocess according to claim 85, further comprising the step of embeddinga time stamp in the encrypted audio recording.
 87. The process accordingto claim 85, further comprising the steps of: receiving a telephone callfrom one of the at least two parties; receiving one of the at least twoaccess codes from the one of the at least two parties; receiving the keyfrom the one of the at least two parties; using the one of the at leasttwo access codes to gain access to the encrypted audio recording; andusing the key to decrypt the encrypted audio recording.
 88. A processfor recording audio communications, comprising the steps of:establishing an audio connection with at least two parties; accessing anaudio communication between the at least two parties; encrypting theaudio communication to provide an encrypted audio recording; generatingat least two keys, any of which can be used to decrypt the encryptedaudio recording; and transmitting the at least two keys respectively tothe at least two parties such that each party receives a unique key. 89.The process according to claim 88, further comprising the step ofembedding a time stamp in the encrypted audio recording.
 90. The processaccording to claim 88, further comprising the steps of: receiving atelephone call from one of the at least two parties; receiving one ofthe at least two keys from the one of the at least two parties; andusing the one of the at least two keys to decrypt the encrypted audiorecording.